PCI-DSS

The Payment Card Industry Data Security Standard (PCI-DSS) is a globally recognized set of policies and procedures intended to optimize the security of credit card transactions. PCI applies to all organizations, regardless of size or number of transactions, that accepts, transmits, or stores any cardholder data. The framework aims to protect sensitive cardholder information during transactions and prevent credit card fraud. Depending on the number of transactions per year a vendor handles, a formal third party audit may be necessary. If a formal audit is unnecessary, the other way a vendor may prove compliance is through a Self Assessment Questionnaire (SAQ). There are varying SAQs depending on the business environment of the vendor.